Live chat

Chargify is Secure Billing
Software

At Chargify, security is of paramount importance in every action and decision
we make. Remaining constantly vigilant, we continually improve and extend
the security of our application and the protection of the data entrusted to us.

Chargify is a PCI Service Provider Level 1

We are audited each year by a PCI-certified Qualified Security Assessor to ensure that we have established and maintain the appropriate security practices prescribed by the Payment Card Industry Data Security Standard for a service handling sensitive payment cardholder data.

Download Chargify's compliance validation.

Enforced standardized SSL encryption for all communication

We go to great lengths to keep your data safe and secure. You should never log in to Chargify over an unencrypted connection and you should never communicate with the Chargify application or API without using an HTTPS URL.

Persistent protection and safety scanning

We are continually evaluating our security and looking for ways to improve. We undertake the following tasks on a regular basis:

  • Scan both our internal and external networks to ensure that we have secured against known vulnerabilities.
  • Audit our codebase for possible security flaws.
  • Patch third-party software and services as vulnerabilities are found and fixed.
  • Subject our application to “penetration testing” by skilled and ethical “hackers.”

Full disclosure

If you believe you've discovered a potential flaw in any area of our security measures, we ask that you share the information with us first! When you report an issue to security@chargify.com, you can expect the following:

  • We’ll acknowledge your submission and provide ongoing updates as we investigate.
  • We may ask for more information or details about the behavior you expect or how you produced your results.
  • Once an issue has been addressed, we’ll notify you with the appropriate next steps.
  • Qualifying disclosures will make you eligible for our list of Whitehat Security Researchers.

We ask you to kindly retain secrecy of your findings until we have remediated the issue. Once the flaw has been fixed, you are free to disclose your results as you see fit.

Please note: We do not accept and will not respond to security reports related to our non-application marketing sites (e.g., chargify.com, www.chargify.com, status.chargify.com, docs.chargify.com, etc.). These sites do not have user information, login ability, or databases. Only disclosures for our database-backed Web application will receive a response.

PGP Key

We provide a PGP key to encrypt sensitive communication that you send to us:

  • Key ID: DC034200
  • Key type: RSA
  • Key size: 4096
  • User ID: security@chargify.com
  • Fingerprint: 4849 BC00 4F49 957E C4D0 82F2 05E9 F5E1 DC03 4200
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFMwQxcBEADusYOJnPWwczGlg/aoFtwqvn3QIdCNTL/9DGDAQWryI3KSd0H3
2DNsVZg2rj7+gbV4g9NJ6pPjlt12HL1ICWNATDXjvfYuEnSl1s9juNVv5QJ6aV+/
G1pyagHvJrncCjJEh9A3CMSwgYn8HxsCrqHXPqGTNHtYWh8xhsdYF/6pI4ntYJxL
W05jfYVSkFK6C9orwC8BEgzaccKlT6OUpJjAjZj8+TgNeZHRJZZx/NOGi1fZ6pcQ
JTxKI9Hrn62PaA6F4smaSkBQv8pgmZFn9GsI0jvxUfiA122VlMe8+D3SK/oxSxZJ
cFs+u7CRDtdaDM4/1X0Wz3C+xgIAVtv3nKqAMMDD5OXq3qaEAGGKUxxIUHs7mriD
uDozFsCbEITBND7fIL8KlpnyuveGSoj1O512yw57mi5x9L/4LfCOCD+q9+tq/hGE
okXmzr0UcQkp5zpsrnO+TUJ7KabFftu6r5c+M0rFI0K4lYVLWcZXs3/OgiM2Yek/
e2P9TlO1/w24MsYf4ip/yrVrfbc3x97W7LqnU4vpRoldYskXkDDB/JzNxd6mee4f
1Ts/bwweHFpU9SX+lQ7wURqCnOM3ZbGl62o78U9b4lNJiPg8es8HD0ZJpk600jeG
7iAlE0O7XGEkoi1r8SKAV15krC1NaDHgokX3QxOyI8dFcG10/4pcX2fkpwARAQAB
tClDaGFyZ2lmeSBTZWN1cml0eSA8c2VjdXJpdHlAY2hhcmdpZnkuY29tPokCPgQT
AQIAKAUCUzBDFwIbAwUJAgIpAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ
Ben14dwDQgDixw//esdKfEVxAha25Ken1gKTQj9Jb4P01oPkF/8OpIzXtQPekdvK
NrtskAOyhq89L7h88O+XcyXaZ2AsdsPzKd2SzIjgrYKN8n9I/t6vemj/2usNQ3Rz
S3li/zAxVasGQJCUk1xq9iL8MeLVuDmiKzbbV4z2bwU4aPzaqQwpGbI/EcS5SR/O
Eu4PZajoQncGk7MJmSfeECJGStd4nZpnNlDNioWHA4+U/AnwfjGPnaD4/UzjDPU8
ReOwcOy0CK7GMeyY/7iynwae1uJBYs+NVd7ocxwWQpiYz9o0gkcUorimVyL+xVZi
Le6U/b+HG/czrd3Nd7tOp6ajXzdh075RIQgXAXQwTycyL25FDQwwAm5TmgeVqNPY
wpZgjaNkyek5dnhsA8xEfs4BNS6tIPf50d1mIgYpC6rsqb3/5wrYlZc0rTVyS5HY
/js7+lkpjOCZJskaa/qtFM1tM33oFwVlLgstd98ogq0NBX48ck65tRNzkQkryV58
NMNetJOe2ioYPtF7VAc5ycX7qN+ObU+ueSBzQmQR9/kI0lwUGbJ+n2FOOWBffyAT
nYJEPJXKsObpxv+gPZ5UV6g5XMSEYMl4g+8TwsFen2gQgtUeCTAHoFTWqai2VCC9
GGlyvqvvy5l1OG6/mYPKL3LaBgZVPpMXJsbc3Xb5ZLNtAlT1fV8sEWlsnSe5Ag0E
UzBDFwEQANLM2aV1IVkNXwDeQtia2wlKaIlx3WUWqZY+oKwsJjn3zTWBzvqXz244
nxokDQKR16VZugqfu2RiAo3yhDvoaO1KhbKGTMCUVRthw0/uqQt3fYh1Yh9Bm9+Y
O/nx/VO9BA5K2+wH+0t3y5EokJH8sXX329RhxHXilUh8aYKByPpsUYgnvC7fPkAt
0rKILDPrCxfLy5D8JHVK66mXsTPIlFNb62xR0ln/XyskMejNM6050KPqppjWra9N
Q4hm5KNI2vnCVGLuFq3dxcKtY7ftryhJfw9SWetBorPNPQiELFpWnl8RnLEU4KlA
Kriu1pmLTE15hHRSOhuXvlnpYGFz7FyBlRP9e/kdt3MvGNRWRq+n8fQ8/v+JG0iM
3U31aNkbGgAVuVN/U54ciNzyAhJgL8r8t4eVu8+pgAOPTn5te9b/XMGTmIc0Y9eg
f9pcIbkK+41yfQsxTFghTCa8lhbrVMr4BXtkWOBx6ILB5uMkhSd56bW4Km7X/xWQ
7EMNhK3KZ6Hm1ATlVuSiPc+P6o+zsOnnIxu6duy7Bu1E40yXFciZGAF9TGQvfItr
A7DbwF65TqcgQ1y5Pq8EdBwqjDs6Uav43sfj9tGj9jrP8Y0BW2Xic4UB/wr+rc/c
KCWaMZv9ls+9myLINMsIHJVmjGnYXjAfe9R3BcLmGmp8QWeY8KMBABEBAAGJAiUE
GAECAA8FAlMwQxcCGwwFCQICKQAACgkQBen14dwDQgCkbQ//baM8waO8OZPEA6d4
UiJNjYYJ7rnDCiqhqsT1FjLCz8lB1xmsL+B4FfyEg1NpRjbya+q72fk6wmYx21zh
qsY4QAMlZXhbXjGkOIDUS5ehokTYVCm46Eebnhscgv6hSSNaCFblpf0AsQqADpqp
USbbV5kSlrc0b+5BjHFxBZCeMPcCknM8qWERSuVDsZ2mdX1bOF4Aty/kboDrOgCx
3wwECUyewItbK4Z7j8tmtCijIpPUkeB37kvX61hkBzBYJUx6H02Lxc7nrYR1VW2r
iaOVaGYRfIngyrjbBeCxGGi6CkXBFW4TL1W+oosuKERXhDEUEBJxxi13PNMU9clr
s2t+dGExF7/IMt/6BEajLT3qagKpew2bbGVC57PIV4lbWUJskFAPGDmgiOqtDJ5R
JQbgXULMfPLLRHv6PH69VhFle9D6jJXusS2PqO1F9Tfm63S3CK6sek5uocshXLGd
TFg49BYsGR23Y+16s+8V8o2mfWvNlNFQjYl+kQh1BZ2P9eD6m+cr2X/mVT/HbQKC
AVtCj/InxA00ny0vzl4niI8VHHPP9h/kg3GV2TAi5QVM7PMKVgi70TZMTi+1JLNX
dE+I/L2QV1evR1ySM6T/j778is70ceWT6+efHzvN1gg0W2qG/5K+5jXnWtLz9sqw
RPj2mXW0yYCLTxvouZYNf3Qjw5Y=
=QxkH
-----END PGP PUBLIC KEY BLOCK-----

Whitehat Hall of Fame

We maintain a list of all Whitehat Security Researchers who help us find a fix vulnerabilities.  Special thanks goes out to all these researchers!